{"id":7576,"date":"2020-12-16T21:11:42","date_gmt":"2020-12-17T04:11:42","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7576"},"modified":"2023-04-05T12:41:34","modified_gmt":"2023-04-05T19:41:34","slug":"csw-analysis-of-solarwinds-vulnerabilities-weaponization","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/csw-analysis-of-solarwinds-vulnerabilities-weaponization\/","title":{"rendered":"Securin’s Analysis of SolarWinds: Top Scanners Miss Several Vulnerabilities"},"content":{"rendered":"
The massive breach of the SolarWinds Orion network management platform has affected as many as 18,000 organizations, including US government agencies, security firms, and defense entities. We took a closer look at the weaknesses in SolarWinds’ other products as well and found that top vulnerability scanners miss most of them.
Our Key Findings

- 102 CVEs exist across SolarWinds products, of which 34 are weaponized (a working public exploit is available).
- 30 CVEs are rated critical and 21 are rated high.
- 85 of the CVEs are old, published between 2001 and 2019.
- CWE-79 (Improper Neutralization of Input During Web Page Generation, i.e. cross-site scripting) is the most common weakness class, accounting for 18 CVEs.
- The 15 CVEs in the Orion network management platform, together with CVE-2019-9546, are the ones we suspect were abused in this breach. Note that the initial intrusion vector confirmed by SolarWinds and FireEye was a trojanized Orion update (SUNBURST) rather than exploitation of a published CVE, so these CVEs matter most for what an attacker can do after gaining a foothold.
- The compromised Orion platform was also the entry point for the FireEye breach, in which FireEye’s red-team tools were stolen.
The Attack Surface

When we analyzed the vulnerabilities and their weaponization statistics, we observed the following:

- A third of SolarWinds CVEs (34 of 102) are weaponized.
- 22 CVEs allow remote code execution (RCE) or privilege escalation (PE), which makes patching them the top priority.
- SolarWinds’ products carry vulnerabilities published between 2001 and 2020. The largest number date from 2019, followed by 2020 and then 2010.
CWE Analysis

- CWE-79 (cross-site scripting) and CWE-20 (Improper Input Validation) are the most prevalent weakness classes among SolarWinds’ CVEs.
Old Vulnerabilities

85 of the 102 CVEs (83%) are old weaknesses, published between 2001 and 2019: almost two decades of bugs.

- Of these 85 vulnerabilities, 32 are weaponized with known exploits.
- 13 CVEs allow RCE or PE.
- 23 CVEs are rated critical, 21 high, and 41 medium.
SolarWinds’ Product Analysis

Next, we grouped the vulnerable products into broad categories:

- 45 vulnerabilities are in file transfer servers, products used to move large volumes of data and a favorite target of threat actors because the sensitive files they hold can be stolen and leaked.
- 24 CVEs are in the IT monitoring tool. Monitoring tools of this kind should not be exposed to the internet: they are meant to be operated from inside the management network, and they typically hold credentials for the systems they monitor, so compromising one hands an attacker a ready-made foothold across the estate.
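The figures in the Attack Surface, CWE Analysis, Old Vulnerabilities and Product Analysis sections above all come from the same kind of roll-up over a list of CVE records, and the same attributes (weaponized, RCE/PE, age, severity) are what a defender uses to decide what to patch first. The Python below is an added example, not Securin’s tooling or code from the original article: it computes those roll-ups (weaponized share, RCE/PE count, pre-2020 split, severity, CWE and product breakdowns) and turns them into a patch order that puts weaponized RCE/PE bugs first. The records in SAMPLE are constructed; their identifiers use a placeholder EX-YYYY-NNNN form and are not real CVEs, and the "old" cut-off of 2020 mirrors the article’s pre-2020 definition.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# The article treats everything published before 2020 as "old".
REFERENCE_YEAR = 2020


@dataclass(frozen=True)
class Vuln:
    """One CVE record as a scanner or advisory feed would describe it."""
    cve_id: str       # placeholder identifier (constructed, not a real CVE)
    year: int         # publication year (the middle field of a CVE id)
    cvss: float       # CVSS v3 base score
    cwe: str          # primary weakness class, e.g. "CWE-79"
    product: str      # product family: "file-transfer" or "monitoring"
    weaponized: bool  # a public, working exploit exists
    impact: str       # "RCE", "PE" or "other"


def severity(cvss: float) -> str:
    """CVSS v3.x qualitative severity rating scale."""
    if cvss >= 9.0:
        return "critical"
    if cvss >= 7.0:
        return "high"
    if cvss >= 4.0:
        return "medium"
    if cvss > 0.0:
        return "low"
    return "none"


def triage_tier(v: Vuln) -> int:
    """Patch priority (1 = most urgent).

    1: weaponized AND gives code execution or privilege escalation
    2: weaponized, any other impact (information disclosure, XSS, ...)
    3: RCE/PE rated high or critical, but no public exploit yet
    4: everything else
    """
    code_exec = v.impact in ("RCE", "PE")
    if v.weaponized and code_exec:
        return 1
    if v.weaponized:
        return 2
    if code_exec and severity(v.cvss) in ("critical", "high"):
        return 3
    return 4


def summarize(vulns: Iterable[Vuln]) -> dict:
    """Roll-ups of the kind reported in the article."""
    vulns = list(vulns)
    total = max(len(vulns), 1)  # avoid division by zero on an empty feed
    old = [v for v in vulns if v.year < REFERENCE_YEAR]
    weaponized = [v for v in vulns if v.weaponized]
    return {
        "total": len(vulns),
        "weaponized": len(weaponized),
        "weaponized_pct": round(100 * len(weaponized) / total),
        "rce_pe": sum(1 for v in vulns if v.impact in ("RCE", "PE")),
        "old": len(old),
        "old_pct": round(100 * len(old) / total),
        "old_weaponized": sum(1 for v in old if v.weaponized),
        "by_severity": Counter(severity(v.cvss) for v in vulns),
        "by_cwe": Counter(v.cwe for v in vulns),
        "by_product": Counter(v.product for v in vulns),
        "by_year": Counter(v.year for v in vulns),
    }


def patch_order(vulns: Iterable[Vuln]) -> list:
    """Sort by tier, then descending CVSS, then oldest first (age = exposure time)."""
    return sorted(vulns, key=lambda v: (triage_tier(v), -v.cvss, v.year))


# Constructed sample records; the identifiers are placeholders, not real CVEs.
SAMPLE = [
    Vuln("EX-2019-0001", 2019, 9.8, "CWE-20", "file-transfer", True, "RCE"),
    Vuln("EX-2018-0002", 2018, 6.1, "CWE-79", "monitoring", True, "other"),
    Vuln("EX-2020-0003", 2020, 9.1, "CWE-20", "monitoring", False, "RCE"),
    Vuln("EX-2010-0004", 2010, 5.4, "CWE-79", "monitoring", False, "other"),
    Vuln("EX-2019-0005", 2019, 7.8, "CWE-269", "monitoring", True, "PE"),
    Vuln("EX-2001-0006", 2001, 7.5, "CWE-22", "file-transfer", True, "other"),
    Vuln("EX-2020-0007", 2020, 4.3, "CWE-79", "file-transfer", False, "other"),
    Vuln("EX-2016-0008", 2016, 8.8, "CWE-78", "file-transfer", False, "RCE"),
]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    print(f"{stats['weaponized']}/{stats['total']} weaponized "
          f"({stats['weaponized_pct']}%), {stats['rce_pe']} RCE/PE, "
          f"{stats['old']} pre-{REFERENCE_YEAR} ({stats['old_pct']}%)")
    print("most common CWE:", stats["by_cwe"].most_common(1)[0])
    for v in patch_order(SAMPLE):
        print(f"tier {triage_tier(v)}  {v.cve_id}  {severity(v.cvss):8} "
              f"{v.impact:5} weaponized={v.weaponized}")
```

The ordering deliberately ranks a weaponized medium-severity bug above an unweaponized critical one: on the sample data the 7.5-scored, exploited path-traversal lands ahead of the 9.1 RCE that has no public exploit, which is the same logic behind the article’s emphasis on the 34 weaponized CVEs rather than on CVSS alone.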
SolarWinds Global Exposure Analysis

More than 300,000 customers worldwide, including defense organizations, Fortune 500 companies, government agencies, telecommunication companies, and educational institutions, use SolarWinds products, among them the network monitoring tool at the center of this breach.

A country-wise exposure analysis reveals the following:

- Internet-facing SolarWinds products were found in 117 countries, which makes this breach a global concern.
- The US tops the list with 698 internet-facing products; the UK ranks next with 98, and India has 56.